Hive ransomware group claims to steal California health plan patient data



The Hive ransomware group, known for attacking health care organizations, posted on its dark web site that it has stolen 850,000 personally identifiable information (PII) records from the Partnership HealthPlan of California.

The organization’s website now consists of a landing page that says the health plan has been “experiencing technical difficulties,” including a “disruption to certain computer systems.” The organization’s phone systems have a similar message, with a recorded message saying that “all of our systems are down, with no predicted time of maintenance.”

“We are working diligently with third-party specialists to investigate the source of this disruption, confirm its impact on our systems, and to restore full functionality to our systems as soon as possible,” the health plan said in the message on its website, which is not dated.

The Partnership HealthPlan of California says it has set up Gmail addresses for people and providers to contact. VentureBeat has emailed the address for general inquiries.

Brett Callow, a threat analyst at cybersecurity firm Emsisoft, said in a message to VentureBeat that “establishing alternate communication channels is a standard play in incident response.”

“Even if your email system is working, the attackers could have access and be able to monitor communications,” Callow said.

Screenshot of the web page for the Partnership HealthPlan of California (March 29, 4:30 p.m. PST)

The technical difficulties appear to have begun several days ago. The Press Democrat reported on the issues on March 24, without mention of a cyberattack, and indicated that the health plan has more than 618,000 members in Northern California.

The Hive ransomware group posted its claim about the stolen Partnership HealthPlan of California data on Tuesday. The data includes 850,000 unique PII records, such as name, Social Security number and address, according to the group. The stolen data also includes 400 GB of stolen files from the organization’s server, Hive claimed.

The ransomware group has been active since at least June 2021, which is the first time the group posted on its “HiveLeaks” dark web site.

Previously reported ransomware attacks by Hive have included an August 2021 attack against Memorial Health System, which has hospitals in Ohio and West Virginia, and an October 2021 attack against Johnson Memorial Health in Indiana.

A prior alert from the FBI warned that the Hive ransomware group “likely operates as an affiliate-based ransomware, employs a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation.”

“Hive ransomware uses multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network,” the FBI said. “After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, ‘HiveLeaks.’”
